VYPR

Essential Addons For Elementor Lite

by WordPress

Source repositories

CVEs (20)

  • CVE-2022-0320CriFeb 1, 2022
    risk 0.64cvss 9.8epss 0.02

    The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server,…

  • CVE-2022-0683MedFeb 24, 2022
    risk 0.40cvss 6.1epss 0.03

    The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a…

  • CVE-2026-5193MedMay 14, 2026
    risk 0.35cvss 6.5epss 0.00

    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'register_user' function, which only blocks…

  • CVE-2026-1512MedFeb 14, 2026
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping…

  • CVE-2025-13977MedDec 17, 2025
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitization and output…

  • CVE-2025-8451MedAug 15, 2025
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-gallery-items’ parameter in all versions up to, and including, 6.2.2 due to insufficient input sanitization…

  • CVE-2024-5189MedJun 11, 2024
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘custom_js’ parameter in all versions up to, and including, 5.9.23 due to insufficient input…

  • CVE-2024-5188MedJun 6, 2024
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'get_manual_calendar_events' function in all versions up to, and including, 5.9.22 due to insufficient…

  • CVE-2024-5073MedMay 30, 2024
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Twitter Feed component in all versions up to, and including, 5.9.21 due to insufficient input…

  • CVE-2024-4624MedMay 14, 2024
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugins for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_ext_toc_title_tag’ parameter in versions up to, and including, 5.9.20 due to insufficient…

  • CVE-2024-4448MedMay 14, 2024
    risk 0.35cvss 6.4epss 0.01

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' widgets in all versions up to,…

  • CVE-2024-4275MedMay 14, 2024
    risk 0.35cvss 6.4epss 0.00

    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Interactive Circle widget in all versions up to, and including, 5.9.19 due to insufficient…

  • CVE-2021-24255MedMay 5, 2021
    risk 0.35cvss 5.4epss 0.01

    The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via a similar method.

  • CVE-2026-1004MedJan 16, 2026
    risk 0.27cvss 5.3epss 0.00

    The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This makes it possible for unauthenticated attackers to retrieve WooCommerce product…

  • CVE-2025-69092Dec 30, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows DOM-Based XSS.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.3.

  • CVE-2025-6244Jul 8, 2025
    risk 0.00cvss epss 0.00

    The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the via `Calendar` And `Business Reviews` Widgets attributes in all versions up to, and including, 6.1.19 due to insufficient…

  • CVE-2024-8978Nov 15, 2024
    risk 0.00cvss epss 0.00

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls'…

  • CVE-2024-8979Nov 15, 2024
    risk 0.00cvss epss 0.00

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls'…

  • CVE-2021-4447Oct 16, 2024
    risk 0.00cvss epss 0.00

    The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form and a custom registration role to an Elementor created page. This makes it…

  • CVE-2024-8742Sep 13, 2024
    risk 0.00cvss epss 0.00

    The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 6.0.3 due to…